Re: New firmware with built in Torrent Client

haydude · ‎2016-03-08

I noticed this morning that the torrent stopped automatically probably because it has been idle. I have now restarted it, I configured it to run permanently and I am seeing two nodes downloading right now.

Please try again.

AndyTaylor · ‎2016-03-08

Got it, many thanks.

haydude · ‎2016-03-08

Please keep seeding and let me have your feedback.

openvpn client and dnsmasq are thouroughly tested as well as ADSL and Network connectivity.

Everything else is almost unchanged but need a thorough regression test.

One big TO-DO is firewall configuration. This applies to the original Netgear firmware (and thus to every custom build based on it).

Netegear totally omitted to include a proper firewall configuration and relies upon NAT being active for basic security. This works well if you have one internet facing dynamic or static IP address. What if you have a subnet like in my case? The bottom line is that you can't use either this router or any other similar Netgear router because there is no way you will be able to activate firewall access control to every IP in your subnet.

The only solution would be to deactivate Netgear's proprietary NAT and firewall and configure iptables manually. Not for the newbies. Neither someone experienced as myself would entrust his security to a mix of proprioetary and poorly documented firewall (the only documentation we have is the reverse engineered information provided kindly by richud) and iptables.

w3wilkes · ‎2016-03-09

@haydude, I see that in this update you only did the AnnexA version of the DGND3700v1. Will you be doing the other 3 that @richud gave us? AnnexB for DGND3700v1, AnnexA & B for DGND3800. And much thanks for this!

haydude · ‎2016-03-10

I am afraid I have only a DGND3700v1 and an Annex A adsl I can test.

Happy to share the image for someone who wants to build the other images.

w3wilkes · ‎2016-03-10

Okay, thanks. I just presumed that you got all 4 images from Richud.

stucroft · ‎2016-03-12

I had the same problem. I've got round it by adding 'dev tun' to the Custom Options box at the bottom of the OpenVPN screen.

AndyTaylor · ‎2016-03-15

Hi Haydude

I've been persisting with your firmware and have found the following:

Option 66 can be set by using dhcp-option-force=66,<IPADDRESS or HOSTNAME>

This appears to work based on a Wireshark trace, but I haven't tested it with a phone yet.

There seems to be a strange issue with DNS. I've cheated a bit and added the internal IP address as an entry on my external nameserver so that pabx.ajtaylor.com points to 192.168.0.20

Strangely, the router refuses to resolve this. www.mydomain.com resolves OK (to a public IP address) and the internal address resolves fine via another dns server, but not the router. Even more interesting is that if you ssh onto the router and try
nslookup pabx.ajtaylor.com 8.8.8.8 does not work:

root@DGND3700:~# nslookup pabx.ajtaylor.com 8.8.8.8

Server: 8.8.8.8

Address 1: 8.8.8.8 google-public-dns-a.google.com

nslookup: can't resolve 'pabx.ajtaylor.com'

Even specifying 192.168.0.20 as the dns server to query doesn't work and it definitely knows the answer:

root@DGND3700:~# nslookup pabx.ajtaylor.com 192.168.0.20

Server: 192.168.0.20

Address 1: 192.168.0.20

nslookup: can't resolve 'pabx.ajtaylor.com'

Any ideas?

AndyTaylor · ‎2016-03-15

Of course, straight after posting, I found the answer - it was

Block fake upstream private IP ranges - set to yes (default). Set to no and the name resolves as expected. Phew.

ascorp · ‎2016-03-17

Hello,and thanks so much for firmware DGND3800_annexeA_2015-12-04_D.chk, i use it of course on DGND3800B! But I have a problem with the USB flash drive and hard disk drive, miniDLNA working properly, but ReadySHARE is not visible, pops up the message "no disk" what could it be? I format the flash drive, and hard disk in different ways and it did not help, enyone hel me ?

USB : ReadySHARE and miniDNLA

Ariheri · ‎2016-03-17

I've had the same issue with ready share/miniDLNA. Attached drives not visible. I think the same issue wit Samba too.

MichaelSchemmer · ‎2016-03-23

Hi All,

Thanks for the new firmware from ezplanet and the hard work thats been done to get it working.

I'm having an issue with the VPN though. I receive an error when connecting:

Options error: Unrecognized option or missing parameter(s) in [PUSH-OPTIONS]:1: 192.168.0.0 (2.3.8)

I take it that its cos the route parameter is not set correctly in the push command. I've tried changing it, but it doesn't help. Gonna try bounce the router now and test, but just wanna let you guys know for future firmware revisions....

Unless I'm doing something wrong....

MichaelSchemmer · ‎2016-03-23

Oh and the router keeps recreating new certs for VPN on reboot.

A new OpenVPN client was released, which causes the VPN to not connect at all cos of the SSL v3.0 update:

VERIFY ERROR: depth=1, error=self signed certificate in certificate chain: C=UK, ST=TBT, O=Netgear, CN=DGND3700
TLS_ERROR: BIO read tls_read_plaintext error: error:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed
TLS Error: TLS object -> incoming plaintext read error
TLS Error: TLS handshake failed

Can this be fixed?

richud · ‎2016-03-29

Happy Easter ! ...finally some spare time, updating/fixing stuff now...

(managed ~116 days router uptime and just had a powercut - so been pretty stable! )

w3wilkes · ‎2016-03-29

Richud, Great to hear from you and hope you also had a great Easter! Again, can't thank you enough for the work you've done making this fantastic firmware.

richud · ‎2016-03-31

@w3 many thanks 🙂

Almost done but just hit last minute snag as updated inadyn-mt and something seems to have changed with config for it, doh.

LuKePicci · ‎2016-04-01

@richud Are you referring to pppd binaries? I haven't found sources for pppd except from the pppd package in the GPL folder, but the binary actually used doesn't seem to be compiled from there.

richud · ‎2016-04-01

Hi Luke, the one that gets built is in
./userspace/public/apps/ppp/pppoe
not any of these three
./userspace/ap/gpl/ppp-2.4.4
./userspace/ap/gpl/ppp
./userspace/ap/gpl/pppoecd
the patches you found are unfortunately not for there top one as fas as I can see

(regarding inadyn-mt it appears to be some bug that came in after inadyn-mt.v.02.24.47 so am reverting to that)

richud · ‎2016-04-03

new test release

DGND3x00_2016-04-02_21:35.tar.xz

openvpn works/tested (in server mode at least, connecting via iPhone) it now lets you download a generated .ovpn file of settings. Lots of other minor fixes and updates to various programs. Will list all on final. The only semi major change is addition of hpn-ssh which is a patch set to modify openssh , thus scp file copy is now several times faster (if anyone uses ssh to xfer files)

Currently working on getting help files done (half working in this release) - I realised I wouldnt get time to fix help files this w/e to put out a 'final' so thought I would put this out as an interim test.

If anyone finds any problems please let me know asap, but not if its a non-working help file 🙂

pietrodevo · ‎2016-04-03

Hi Richud, now testing your release and, yes!, openvpn now working and very well I say, thank you so much for your continuous effort!
One thing: If you would like to have help file for all new functions translated in other languages, so to have locales, I would be really glad to offer my help and translate to my language (italian)

yonesmit · ‎2016-04-03

Hello richud,

Thanks for your work, great!!

I found little issues:

- When setting a Port Forwarding the Internal Starting Port field can't be edited. Is it normal?
- When activating the Remote Management feature the router uses deprecated https SSLv3 protocol. Can this be changed?
- When editing the SSH/SFTP (Dropbear) Listen ports I can´t enter more tnan one port because it doesn't accept the CARRIAGE RETURN

Thanks a lot for maintaining alive our router

Best Regards,

richud · ‎2016-04-04

@pietrodevo: thanks you for the kind offer but I am trying to just use the relevant man pages where possible (which are almost always only in English).
@yonesmit
1) untick 'Use the same port range for Internal port'
2) afraid that is all built into the original web server binary so stuck with it. I would suggest going via an SSH tunnel if you want to access the web interface externally, it is more secure.
3) It should allow a new line but not a carriage return - afaik all browsers should use a line feed when you press return in a browser? I just tested with Chrome on Ubuntu and Chrome/FF/IE11 in Win7 and cant cause it to not work, what OS/browser are you using please?

yonesmit · ‎2016-04-05

@richud

1) OMG, how embarrassing, I didn't notice the check box

2) OK. i will live with it.

3) Now I tested your sw again and it works ok. I think that the problem was with haydude's version (I ended using param program from command line). So my fault again.

Thanks for your work

Best Regards,

richud · ‎2016-04-10

Firmware

DGND3x00_2016-04-10_09:49.tar.xz

Build Files
DGND3800B_2016-04-10_09:49.BUILD.tar.xz

Updated:

Avahi, NFS utils, libxml, openSSL,ntfs-3g, dropbear,sqlite,transmission, busybox,openvpn

Fixed:

openVPN should now work. .ovpn generator added.

Lots of minor fixes. (Including input sanitizing on textarea boxes that I messed up!)

Re-enabled functionaility of www.routerlogin.com www.routerlogin.net to get to interface.

Added:

HPN-ssh (Pittsburgh Supercomputing Centre) patches for faster SCP

Re-enabled Wifi DFS channels.

NTP now has a config page.

Help files (man pages mostly)

Transmission has new option to update blocklist on program startup.

@yonesmit - TLS now 🙂 , repointed httpd at new libs and disabled SSL2/3 in openSSL. Note however via 'remote access' you will only get old interface options as it is only pointing at netgears original web server. You will need SSL tunnel for both. e.g. make tunnel like this

ssh -L localhost:1080:192.168.0.1:80  -L localhost:1081:192.168.0.1:81 admin@yonesmit.dyndns.com -p 2222

Then your browser at http://localhost:1080

@whskerp Wifi DFS channels now shown in gui

radiomike00 · ‎2016-04-10

Hi @richud

Just updated to your latest firmware. So far seems good, all the bits that are important to me seem to work. However the web admin interface seems to vary depending on the address used.

If I connect using either the routers IP or www.routerlogin.net, then everything appears fine and seems to work as expected. However if I omit the www then different parts of the web interface seem to fail. Most of the netgear side seems to work, but a lot of the additional bits don't.

I've tested on chrome and firefox and results are the same.

While testing the above, I was also getting something strange with the advanced pages when using the .com variations. But thats a problem on my end, seems that ".com/ADV" is a filter in Easylist, which my adblocker is using. So that was stopping ADV_home.htm from loading. If I disable the blocker then it behaves as above.

It's not exactly a big deal, but if you're used to omitting the www then it could make things interesting.

Thanks for all your work.